1. Field
The following description relates to an apparatus and a method for detecting a code injection attack, and more particularly, to an apparatus and method for detecting a code injection attack in which an attacker inserts code into a process being performed, in an attempt to force execution of the inserted code by making use of a defect in an operating system (OS) or an application program in a computer system.
2. Description of Related Art
A code injection attack may be performed using a bug to cause an operating system (OS) or an application program to process erroneous data. Code injection attacks often cause damage to an OS or an application program, and often a user of a flawed system does not recognize the attack. For example, a code injection attack may increase an unauthorized user's ability to access various data and programs stored in a computer system.
When the code injection attack inserts attack code into a process being performed, for example, into a process being performed in a kernel mode, the attacker may be able to take control of the computer system. Thus, the attacker may take over command of the computer system, and the computer may be operated according to a command from the attacker.
The attacker may remotely obtain a root authorization with respect to a target system through the code injection attack. The attacker may use the root authorization to steal desired information. Also, an attacker may use the computer system as a base for a distributed denial of service (DDoS) attack.
Often, the target system does not recognize the code injection attack. Accordingly, the risk of damage associated with the code injection attack is significantly high. A maker of the OS and/or the application program may use a security patch and the like to block an attack repeated in the same manner as a previously known attack.
However, for attacks that are previously unknown and unprepared for, the code injection attack may continue to operate until the defects in the software are detected and eliminated. In addition, bugs and defects in software may be difficult to detect and/or eliminate.